-
Securityfocus.com Defaced
Securityfocus home of bugtraq and other importantsecurity mailing lists was defaced today by theattacker known as "Fluffi Bunni". This is probablythe best known security site on the net and proofanything can be breached if one spends enough time.According to defaced.alldas.de the advertising companywas defaced and fed the image to securityfocusalthough no public statement has been…
-
Opera Browser has several Javascript vulnerabilities
Georgi Guninski has found that the operabrowser is vulnerable to multiple Javascript holes.These holes could allow an attacker to gain furtherprivileges.Opera Browser problems
-
Cgisecurity.com IDS rules used in Snort 1.8.2
I recently wrote some IDS rule sets I found to be usefulfor snort that would help detect known, and unknownport80 attacks. I submitted these rules to snort.organd they liked them so much they are now includedin the newest release.These rules were based from cgisecurity.com's paper #3which will be released later today.A copy of these new…
-
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures.
This is the first paper on web application attack forensics published. This paper will give you a basic understanding of what web application attacks look like, and how they are used in real life examples. Fingerprinting Port 80 Attacks (ENG) Russian (Local Copy) (Russian) (Chinese) Japanese translation "The paper provides a nice no-frills overview of…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack